The observation I've made that Bluesky is mostly cultish ingroup signalling without semantic content stems from the fact that the only way to maintain a circle on here is to be around the few open-minded people not harassed offsite or join a cult clique, severance from which renders the site unusable
There was a one-post-removed telephone game skeet today about something I said last night. It was made entirely in good faith, and it looks like a very different story from the original. I'm not accepting "trust me bro" on something I wasn't even engaged in that seeks to hurt people!
This isn't even an AUR-specific attack; the initial attack was publishing the malicious code through NPM in the first place, otherwise this wouldn't have worked as well as it seems to have.
The tl;dr is a botnet filed a whole lot of orphan requests on old/obscure/barely-used packages, pushing a malicious piece of code into the package building/install process. Caught by people paying attention.